Copy Link
Add to Bookmark
Report
NPANXX Issue 04
_,,<!!!>>- -.
.,<!!!!!!''' ,<!!!>`
.,<!!>' -` /''!!!''' ..,,,,,,.
''''' | Npanxx104 ' ..;;;<!!!!!!!!!!!!'''!!!!!>;
,,<<!!> / ..;;;!!!!!!!!!!!!!!!!'.,,,;;;;,,.````'
!!!''``..;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!;
''.;<!!!!>'``'.,!!!!!!!!!!!!!!!!''''```'.,,,,,,,,,,,.
.,<!!!!''' .,;;!!!!!!!!!!'''''`.,;;;;'''''````` ```'
.;<<!''.,;;!;!!!!!!!!''``.,;;;!'''```` <;;;;!!!!!!!!!!!;;
.;;!!!!!!!!!!!!!!!!!''`.,;;;!''``` `Ccd$?? ```!!!!!!!!!!!!'`
;<!!'`!!!!!!!!!!!!''.,;;>'''``...= -?$$F '!!!!!!!!''`
;!!'',;<!!!!!!!!'`.,;;''`` ..zc$""J" _, ""$$$$. !!'''`
` ,;;!!!!!!''`.;;''` `" ,r=4MMMMn cc$$cccJ??=
,<!!!!!!'',;;''` _,_ JPbell)MMM>`$$$$$cc==
;!!!''',-''` ,c= ,dMM"we "L. .,cc 4LsouthJMMP cc"?$$$$$c??,
'''.-'` ,<<! z?$cL <MMMM own M .$$$$. `"===""" J$$$$$$$hJ$h-
.-` ,;<!!!. c$',,,c`4MMMb,.,P',?$$$$$$$$hccd$$$$$$$$$$$$$?$"=
' ,<!!!!!!!! -,P' z$$$h."PPP"".,$h$$???""""""?` "? " "
`````` c$"z$$?$CLc ,cJ$$$$$" " 02/25/02 - 03/09/02 .. Volume 1 Issue
4 - 02/25/02 - End - 03/09/02
",c??'$$$$$$$$??" ,. ;;!!;, $?c "Wear the grud
ge like a crown of negativity"
3"Jh,$$$??" ` ;<!!!!>.)!!!!> .$h.?
/??"""" " `'!!NPANXX!!!' z$$r',`
,c=. ,cccccc,. ```''''' ,cd$$$$F `
`"z$$$$$$$$$$$$$$$$hcccc,.,c,,ccc$$$$$$$$$P'
4?$F$$$$$$$$$$$$$$$0$$$$$$$$$$$$$$$$$$$?$$P=
`'"""P$$$?$$$$$$"$$$$$$$$$$$$$$$$$$$C3l$$P'
WWW.teamphreak.net /-$P?$c$"$$$$hdhC$$$$$$"$$$$?$$$P""? "
IRC.teamphreak.net `" """h.)J??$$$$$$$$$h. J""= ??% -
. c`" `""""?$"??C"?`=... .. '!!'`````---..
,;;;'''`''.r.-`,$c - c,"-== J --ccc$c,.` !!!!!!>.``'';.
.;;!''',;;'`'' " `,$$??-,cr?$hcc9$$cc$$''." !!!!!!!!!!!(.<!;
.;!!!(;!!'',;!'< ,-"',cd$F'.,$?$$$$$$c`"""'."4.`!!!!!!!!!!!!!!>
.<!!!!!!!!!!!!!!! -"."=??P?$?,'.d$c"????"???$$"?" '`. `'!!!!!!!!
<!!!!!!!!!!!!!!!'' ` ` . ,, ,c,,``$hcc$"?"'' ,chc$C,?$$> `!!!!!` <
'!!!!!!!!!!!!''` ,,c,dc$hc,$$$c `$F ,cd$F .$cc "$$$$$$,`$h`c `' ,<!'
``'!!!!!'` ,',, `"$$$$h`?$$.?.` ?"-$" ,c$"$$hc "?$$$h $$$$h ;!!'
`<;..`''` c'$$$$$$c`??$$$$."$$ch .=".F `?$$.?$$$h,`$$$C $C??""'' ;!
; `''!;;. -?$?$$$??$c3$$C$$.?$$ ` `'' -"c"c`??$$=???$c`$h '.;''``
!!!;;;.'`` `"h`$$$`"?$$$$$$h."c"',`(!!!!;.... "'`" -`"???'.!`.-$"'
!!!!!!!!!!!..` ` ""$c,`??$$' ""......``.....;;;;<!;.(.;;;!! )L .
`!;,.``''''!!!;,;;,,..,, ..;!!!!!!!!!!!!!!!''!!!!!''''``'.!! 'M - !
;'````'!!>;;<!!(,.``'''''''''''''!!!!!!`_-npanxx ,;;-''''<!!! M ! >
'' !!!> `!!''..``<!!!!!!''''<!!!!!'```<>"" MP' M !! .;!!; !!>; M ! >
'>!!!!!> !! !!!!; `!!!' ;!!; `!!! ;!!; `;<.;;; M !! !!!!! `!>' M ! !
'>!!!!!! !> !7!7! 0!8! <!!!!>'!!! !!!!> !!! !! M !! !!!!! !!>',M ! !
''!!!!! !>;!!!!! <!!! <!!!!>'!!! !!!!! !!! !! 4 !! !!!!! '`,nP' ! >.
<!!!!! !> !!!!! !!!! '!!!!>'!!! !!!!! !!!;!!.`b_` ```_,,="" ,<!> !!
!!!!!> !! !!!!! !!!! ;!!!!>'!!! !!!!! !!!!!!!>,`""""""' ;;!!!!!! !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
"NPANXX upholding the Bell tradition of quality text files and exploits"
@@@@@@@@@@@@@@@@@@@@@@@@<=OSCAR Owns SPRINT=>@@@@@@@@@@@@@@@@@@@@@@
<#############################C#O#N#T#E#N#T#S##############################
>
### .$$.$$.$$.$$.Introduction and Updates.$$.$$.$$.$$.$$.$$.$$.$$.$$.$$ ##
#
### ##
#
### 1. Scanner Basics............................................rotary ##
#
### 2. Exploiting weak password schemes with gdb...............phractal ##
#
### 3. The MeetingPlace Conference System...........................bor ##
#
### 4. Capacitance on Telephones.............................mcphearson ##
#
### 5. Telesystems load balancing by magnetic resonance.......trunkLord ##
#
### 6. Breaking into VMBS..........................................ic0n ##
#
### 7. WOE-DATA FLOW DIAGRAM....................Contributed by phractal ##
#
### ##
#
### .$$.$$.$$.$$.Links and Advertisment.$$.$$.$$.$$.$$.$$.$$.$$.$$.$$. ##
#
### (see the end of the issue) ##
#
###########################################################################
#
<########################.S#t#a#f#f#/E#M#A#I#L#S.##########################
>
<###########################Staff and Email################################
>
### ##
#
### mcphearson parenomen@teamphreak.net ##
#
### phractal phractal@teamphreak.net ##
#
### bor bor@teamphreak.net ##
#
### TrunkLord trunklord@teamphreak.net ##
#
### stain stain@teamphreak.net ##
#
### Article submission articles@teamphreak.net ##
#
### To email the entire staff staff@teamphreak.net ##
#
### ##
#
### By the way if there is some dying need to get in touch with us, ##
#
### and it cant wait you may do so by phone. You can call the ##
#
### teamphreak toll free information hotline/msg center at ##
#
### 1-866-248-7671 ext: 3974 after you enter in the pin you must wait ##
#
### a little bit before it will connect. Also, there is no # at the ##
#
### end of that pin ##
#
### ##
#
###########################################################################
#
<############################S#H#O#U#T#O#U#T#S#############################
>
<##################################Shouts##################################
>
### Lucky225 # iluffu # Rotary and Wildsmile ##
#
### deadkode # 9x and d4rkcyde # b4b0 ##
#
### Overlord DDRP # original tp members# Wildsmile ##
#
### Setient # vap0r # ic0n ##
#
### zylone # jenna jameson # ##
#
###########################################################################
#
<######################N#O#T#E#F#R#O#M#E#D#I#T#O#R#########################
>
<###########################Note from editor###############################
>
### ##
#
### Team Phreak contributes to the scene. We write our own articles ##
#
### and do not rely heavily on outside sources for our issues, unlike ##
#
### some other groups (unless other wise noted). We may use other ##
#
### materials for news articles or in research purposes to verify what ##
#
### we type is fact, but we guarantee that all articles are written by ##
#
### us and anyone who wishes to contribute original texts. Also please ##
#
### come and vist us on irc at irc.teamphreak.net or irc.phelons.org ##
#
### and join us on the world wide web at www.teamphreak.net ##
#
### ##
#
###########################################################################
#
###########################################################################
#
_
______ /_/\
/-/ / / /-/ \_| _________________
/ /==//=/_/ `-' //|
|/=====/ irc.teamphreak.net or // |
/=====/_ irc.phelons.org // 0|
// ///----------------------// /
// /// .----O #TEAMPHREAK || /
// /(/ //\__/ ________________/|/
// / //\ \/ /
// / '-----' /
// / / _____./
// / / /
// /_ / /
// /''/-\\/
// / // //
//__/ // /
/| _ \//_ /
[ |_| . | www.teamphreak.net
|____/---
===========================================================
_ _ ___ _ _ _ _ ___ _ _ _ ========
| | \ | | | ) | | | \ | | / | | | | | \ | ========
| | \| | | \ |_| |_/ |_| \_ | | |_| | \| ========
===========================================================
It's amazing how much stuff has happened since the release
of NPANXX103. Even though that release was only a few weeks
ago, we have gotten a domain, IRC server, gained a new
member, and now we have what we think is the best issue to
date.
In this issue, we've got a ton of useful stuff. We go over
things such as the MeetingPlace Conference System, Breaking
into VMBs, A very nice article about Telesystem load
balancing and magnetic resonance, and some other nice stuff
for all of you. However I guess you probably already saw that
in the table of contents. Time to go off and write my article
for NPANXX105.
- bor. (bor@teamphreak.net)
_________________________________________________________________________
_ _ _ _ _ _ _ _ _ _
/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \
( T | e | a | m | P | h | r | e | a | k )
\_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/
_ _ _ _ _ _ _
/ \ / \ / \ / \ / \ / \ / \
( U | p | d | a | t | e | s |
\_/ \_/ \_/ \_/ \_/ \_/ \_/
- [02/25/02] Stain joined teamphreak!
- [02/28/02] Set up Irc server - irc.teamphreak.net
- [03/02/02] Domain working - www.teamphreak.net
- [03/05/02] Listed on www.undergroundnews.com
- [03/09/02] Teamphreak 1800 hotline now up (Also mad props to trunklord)
The number is: 1-866-248-7671 ext: 3974
- [03/10/02] Listed on www.ppchq.org
- [03/11/02] Layout redone (thanks trunklord!)
_ _ _
/ \ / \ / \
( E | N | D |
\_/ \_/ \_/
__________________________________________________________________________
-========================================================================-
--======================================================================--
1.Scanner Basics --=====================================================--
Written By: Rotary --===================================================--
Written For: BNW (http://www24.brinkster.com/bravenewworld/) --=========--
But submitted to NPANXX --==============================================--
Written On: xx/xx/xx --=================================================--
--======================================================================--
-========================================================================-
Things to know about "Police Scanners."
If you are considering purchasing a "police scanner",
there are somethings you should know. The main things to consider
about a scanner are the radio bands (how many and which ones it has),
# of channels it holds (more is better), whether it
can limit scan, whether it's handheld or a base unit
(and if it's handheld, whether it has an A/C adaptor
because they use alot of batteries!), and whether or not
it handles trunking.
Radio frequencies are split into several different sub-groups,
called "bands," most of which aren't important for the type of
scanning I'm discussing here. The ones that are important to us
are the "land-mobile" bands. These bands are set aside for
two-way communications between offices, 2-way radio-equipped
vehicles, & portable 2-way radios (Walkie-talkies). There are
5 major land-mobile bands:
VHF-low 30.000-50.000 MHz
VHF-high 138.000-174.000 MHz
UHF 406.000-470.000 MHz
UHF-T 470.000-512.000 MHz
"800" band 806.000-940.000 MHz
Many of the older & cheaper scanners have the first 4 bands,
but not the all-important 800 band. The 800 band is special
because that's the band that cell phone transmit on. Unfortunately,
even if you do find a scanner with the 800 band, if you're in the
US it will probably have the cell frequencies
(824-849 MHz and 869-894 MHz) blocked out. That's because Federal
Law requires them to be deleted from all scanners imported to or
manufactured in the US. The best way to get a scanner
with cell frequencies is to buy it from someone second-hand in the UK.
But no worries; even if you can't get the cell frequencies, there's
still plenty of fun to be had with a scanner!
Another thing that is important about the 800 band is that it is
becoming more and more popular with the police & other government/public
safety organizations. However, most of these frequencies are trunking systems,
so you have to have a scanner that handles trunking to take advantage of them.
I'll cover trunking a little later. But no worries; even if your scanner doesn'
t
handle trunking, you can STILL have lots of fun with the 800 band. It also
happens to be the band where most modern cordless phones transmit (900 MHz).
OK, so now you know lots of great things about the 800 band, but the
scanner you saw at the Ham-Fest for $30 only has the first 4 bands
(VHF-low, VHF-high, UHF, UHF-T). Is it worth it? You bet! There are still
plenty of interesting things to check out on the lower bands.
VHF-low is the band that many of the older and/or cheaper cordless phones
transmit on. Limit scan this band (40 - 50 MHz) & you'll find a host of people
in your community having phone conversations. Each phone transmits on a particu
lar
frequency, so each time you pick up a phone conversation, you can record that
frequency & find the same person talking on the phone again and again.
That is, assuming you're into that kinda thing... >8-D
VHF-high is mostly private aircraft communications, 24-hour weather reports, an
d
ham radio operators. Some local emergency organizations use this band also
(like volunteer fire departments & EMT), but I haven't spent much time scanning
this
band because I found it rather boring.
UHF has mostly various government communications. Also kinda boring...
UHF-T is where most of the interesting police & emergency communications happen
.
That is, the ones that aren't on the 800 band anyway. You can find a good list
of local police/emergency frequencies from RadioShack's "Police Call" (a must
for any scanner buff), and from various places on the internet. These are only
a starting point, though.
To get a good list of local frequencies, you have to do some work. First, you n
eed
to keep a log of your scanning activities. At the very least, you need to keep
track
of which frequencies you've scanned for any length of time & mark whether they'
re
used often and/or whether you heard anything interesting. Program the frequenci
es
from "Police Call" (and any from other sources) into your scanner & scan them f
or
a couple of weeks to find out which ones are used & which ones are interesting.
After that, limit scan frequency ranges near the frequencies that you have foun
d
interesting. You'll have to check the manual for your particular scanner if it
doesn't work like mine, but for most models, you simply hit "program" then "lim
it"
then enter the frequency you want to start with, then "limit" then enter the fr
equency
you want to end your scan with. For example, say you want to scan 40.000 - 45.0
00,
you would hit "limit" "40.000" "limit" "45.000" "enter". Then hit scan & it wil
l run
through those frequencies until it captures a signal.
When choosing a range to scan, you should keep in mind that the average radio
communication is around 3-5 seconds. Set your scanner on it's fastest speed & l
imit
scan a range that your scanner can cover in 3-5 seconds.
Each time you find a new frequency that seems to be used, program it into your
scanner
for a couple of weeks & see if it's used often and is interesting. You should u
sually
set "delay" for police transmissions, because often multiple people will be usi
ng the
same channel & there will be a pause after one person starts talking & before s
omeone
else responds. The delay tells your scanner to wait on that frequency for a cou
ple of
seconds before leaving to continue it's scan.
- rotary
******
*END**
******
-===========================================================-
--==========================================================--
2.Exploiting weak password schemes with gdb --==============--
Written By: phractal (phractal@teamphreak.net) --===========--
Written For: NPANXX (www.teamphreak.net) --=================--
Written On: 02/28/2002 --===================================--
--==========================================================--
-============================================================-
//precondition:
//This article is working with a FreeBSD environment for this article,
//so the asm gdb stuff may be a bit different if running on linux or any
//other non-BSD unix. phractal assumes general C and GDB knowledge of
//reader, but I'm not a virtuoso at it, so feel free to mail me my
//mistakes or to school me more in the ways of ASM
Well, I know that one can do the same tasks which this blurb discusses
with a common hex editor, or even easier, use the strings program
but in an effort to look leet, as well as learn about memory and stuff,
I present a way to do it with gdb. Eh, maybe you'll learn something
Well, some of you may be asking what it is that I am going to school you
on. I am talking about very weak means of password protecting programs,
and how to use gdb to reverse engineer them and get the password. I
don't know of any programs that this would be of great use to, but hey,
its a concept ;)
let's start with some k0de:
///////////////////
pass.c
//////////////////
---KUT------------
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
main() {
char pass[20];
printf("enter password \n");
gets(pass);
if(strcmp(pass,"boob")) {
printf("access denied \n");
exit(0);
}
else
{
printf("access granted \n");
}
return 0;
}
------END KUT--------------
ok, now go ahead and compile this party
$ gcc -o pass pass.c
Now test it out to make sure it werkz
$./pass
enter password
boob
access granted
$
ok, cool that worked, let's try a wrong password
$./pass
enter password
zzzz
access denied
$
Alright, everything is in order, OR SO IT MAY SEEM!!
Let's whip out good ol' gdb.
$ gdb pass
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...(no debugging symbols found
)...
(gdb) disass main
Dump of assembler code for function main:
0x804854c <main>: push %ebp
0x804854d <main+1>: mov %esp,%ebp
0x804854f <main+3>: sub $0x28,%esp
0x8048552 <main+6>: add $0xfffffff4,%esp
0x8048555 <main+9>: push $0x80485fb
0x804855a <main+14>: call 0x80483f0 <printf> <<<-------------\
0x804855f <main+19>: add $0x10,%esp |
0x8048562 <main+22>: add $0xfffffff4,%esp |
0x8048565 <main+25>: lea 0xffffffec(%ebp),%eax |
0x8048568 <main+28>: push %eax |
0x8048569 <main+29>: call 0x8048400 <gets> <<<----------------|--\
0x804856e <main+34>: add $0x10,%esp | |
0x8048571 <main+37>: add $0xfffffff8,%esp | |
0x8048574 <main+40>: push $0x804860d | |
0x8048579 <main+45>: lea 0xffffffec(%ebp),%eax | |
0x804857c <main+48>: push %eax | |
0x804857d <main+49>: call 0x8048410 <strcmp> <<<-------------|--|----\
0x8048582 <main+54>: add $0x10,%esp | | |
0x8048585 <main+57>: mov %eax,%eax | | |
0x8048587 <main+59>: test %eax,%eax | | |
0x8048589 <main+61>: je 0x80485ac <main+96> | | |
0x804858b <main+63>: add $0xfffffff4,%esp | | |
0x804858e <main+66>: push $0x8048612 | | |
0x8048593 <main+71>: call 0x80483f0 <printf> | | |
0x8048598 <main+76>: add $0x10,%esp | | |
0x804859b <main+79>: add $0xfffffff4,%esp | | |
0x804859e <main+82>: push $0x0 | | |
0x80485a0 <main+84>: call 0x8048430 <exit> | | |
0x80485a5 <main+89>: add $0x10,%esp | | |
0x80485a8 <main+92>: jmp 0x80485bc <main+112> | | |
0x80485aa <main+94>: mov %esi,%esi | | |
0x80485ac <main+96>: add $0xfffffff4,%esp | | |
0x80485af <main+99>: push $0x8048622 | | |
0x80485b4 <main+104>: call 0x80483f0 <printf> | | |
0x80485b9 <main+109>: add $0x10,%esp | | |
0x80485bc <main+112>: xor %eax,%eax | | |
0x80485be <main+114>: jmp 0x80485c0 <main+116> | | |
0x80485c0 <main+116>: leave | | |
0x80485c1 <main+117>: ret | | |
0x80485c2 <main+118>: nop | | |
0x80485c3 <main+119>: nop | | |
__ | | |
Woah, that's alot of information, it probably would have been \ | | |
a lot less if my programming didn't suck so much. Let's examine \ | | |
the program, first from personal experience. What was the first | | | |
thing that we saw it do? Of course,it asked us for the password |--/ | |
to enter. Let's assume that at memory address 0x80455a, the call | | |
to the function <printf> is when that occurs in the program. / | |
PS. We know that when it is, but we're acting like we haven't__/ | |
seen the C source, pretend, use your imagination! | |
__ | |
Ok, we enter in a string of text that will be analyzed to see if \ | |
indeed it IS the password set by the program to unlock itself and \ | |
display 'access granted'. OK, now what could be accepting the |---/ |
string into memory? let's scroll up and look at the gdb ASM dump / |
once again. hey, there is a call to the <gets> function. That __/ |
look's like its it, let's assume so. |
__ |
Now gets() hasn't analyzed the string, it has merely taken it in from\ |
the user and placed it into a variable in memory. So, ONCE AGAIN, we \ |
turn to the ASM dump and look some more. Hey, not that much farther | |
down, we seethe <strcmp> function! That's definetly gotta be it, after |----/
all, it compares strings. What are we comparing? Well, it would be a /
good guess to assume that we are comparing something to the password__/
to see if the password is correct or not.
if we use gdb again
(gdb) x/4bc 0x08044860d
we get the output
0x804860d <_fini+25>: 98 'b' 111 'o' 111 'o' 98 'b'
recocgonize that? there's boob! the password!
Well, like i said, this was a fairly inefficient way to crack the common
un-encrypted password program, but think about how this could be
applied to a more complex situation, such as strings being compared
to other variables as well as other things. I don't care what you use
this info for, just make sure it isn't anything illegal.
- phractal
*******
**END**
*******
-========================================================================-
--======================================================================--
3.The MeetingPlace Conference System --=================================--
Written By: bor (bor@teamphreak.net) --=================================--
Written For: NPANXX (www.teamphreak.net) --=============================--
Written On: 02/28/2002 --===============================================--
--======================================================================--
-========================================================================-
----------------------
Part One: Introduction
----------------------
Throughout time, I've been on a search of teleconference heaven. Of course this
place doesn't exist, and probably never will (except for some fun that we had)
and I'll have to be satisfied with a conference here and a conference there.
However learning about the various conference systems makes for something to
read as time goes by. In my personal opinion, one of the most interesting and
complex conferencing systems is the MeetingPlace Conferencing System by Latitud
e
Communications.
WARNING: Just so that you know: MeetingPlace systems provide an INSANE amount o
f
information to the sysop about what is going on in his/her system. If a decent
sysop is running the MP system, they WILL notice that you are/have been there.
I don't advise that anyone go around setting up conferences for a large amount
of people unless you secure yourselves first. Just use some common sense.
--------------------------------
Part Two: Background Information
--------------------------------
The MP system is more of an all around communication system than a simple
conferencing system. The MP system is comprised of an interent front-end for
the system, as well as the conferencing system. Conferences are able to be
setup through a specified website where all dial-in numbers, pins, descriptions
,
as well as previous/current/future conferences scheduled.
The system is composed of multiple hardware components, all with a seperate
job, working in harmony perfectly. All hardware is connected through the
user's LAN, and is configured to work with each other piece of hardware.
The Software/Hardware is all routed through the owner's PBX system.
The system can handle up to 120 ports simultaniously.
To setup a conference, the person simply needs to enter in their user ID
and password, and they are able to setup conferences, and in some cases,
if there are restrictions to guest viewings of confs, view current/previous/fut
ure
conferences and participants.
Unlike other conference systems, MeetingPlace is NOT controlled by the phone
company. It is a system which is bought by large corporations,and universities
which are used for student, or faculty meetings through the telephone.
I guess you can kind of think of it as a PBX owned by a corporation, however
this is a conference service.
--------------------------------
Part Three: Conference Interface
--------------------------------
When you dial into the MeetingPlace system, you will hear a message that says
"Welcome To MeetingPlace..." and will list all of the following
options by number dialed:
1 - Attend A Meeting - When dialed you are given a prompt to enter a meeting ID
,
and enter your name. This is so that the participants already in the meeting ca
n
hear who is entering the conference.
2 - Access Your Profile - You will be asked to enter your profile number. If yo
u
have one of course, you'll be able to set up meetings, and other things, all
depending on the user level that has been given to you by the sysop. Just so th
at
you know, the default passcode for profiles is the same as the profile number.
So, if you're lucky enough to find a working profile number, just try that firs
t.
The admin profile is usually 0002.
3 - Review Meeting Recordings/Notes - This option allows you to listen to previ
ous
meetings which may have been recorded.
9 - Hear an Overview of MeetingPlace functions - Obvious.
---------------------------------
Part Four: Finding A MeetingPlace
---------------------------------
Of course none of this information is any help to you unless you know of a
MeetingPlace system. Finding a system can be very easy, or very hard.
Many times the numbers used to access them are unlisted company lines.
However the web-interface can be found quite easily at times.
Some companies/universities are not intelligent enough to notice when dangerous
things like their meetingplace interface are published on the web, so this leav
es
their system wide open. When they thought only faculty had access to the system
,
ANYONE could virtually access the system.
One way that I have found systems is by typing "Welcome To MeetingPlace" into v
arious
search engines. I know that it sounds quite lame, and easy, but it actaully wor
ks.
You should be able to narrow out the actual systems from the text files/other w
ebsites.
Many of the systems look quite the same with a java interface and a menu bar on
the left
side of the screen. The company logo is commonly in the top frame, and all meet
ing
information is viewed in the main right frame. It is a very simplistic design.
How easy is it to find a MeetingPlace system? Well, just to let you know,
NASA's MeetingPlace system was wide open for quite awhile. A few months
ago I sent them an e-mail warning them about this, and now it has been closed.
Although if you know the address, you can still view
the site...you just can't view meetings.
So, all in all, it just depends on how secure a certain corporation/university
has been with their system, and how much they plan on keeping it a secret.
Remember, even if you don't find the MeetingPlace interface, you could find
a tutorial written by that company/university which has some needed information
on it. Read anything that you think could be useful.
---------------------
Part Five: Conclusion
---------------------
While the MeetingPlace system is by far the most advanced conferencing system
at this moment, it is also a gamble to play around with. Even though it could
be quite fun to screw around with, the sysop gets a ton of information about
what is going on in his system. You'd be best to secure yourself so that he
cannot tell who you are before you try any funny stuff. Remember, if you do
something, you're screwing with a multi-million corporation or university
which can afford very high priced lawyers. If they can afford a $30,000
conferencing system, then I'm sure lawyers are a little higher on their list.
----------------------
Part Six: Useful Links
----------------------
Latitude Communications - http://www.latitude.com
MeetingPlace Homepage - http://www.meetingplace.net
Latitude MeetingPlace Teleconferencing (by 9x) -
http://packetstorm.decepticons.org/landline_telephony/miscellaneous/9x_lmpt.txt
*******
**END**
*******
-========================================================================-
--======================================================================--
4."Capacitance on Telephones and Cables" ---===========================---
Written By: Mcphearson (parenomen@teamphreak.net) ----================----
Written For: NPANXX 004 (www.teamphreak.net) ----=====================----
Written On: 02/28/02 and stoped on 03/03/02 -----====================-----
------==============================================================------
-------============================================================-------
= = --===================-- = =
= = ----------------------- = =
= = ^^^Table of Contents^^^ = =
= = ----------------------- = =
= = --===================-- = =
1. Capacitance
2. How does a capacitor work
3. How capacitance was discovered
4. Characteristics of Capacitors
5. Why do they call a farad a farad
6. Capacitance on a Telephone pair
7. Basic rules to follow when dealing with capacitors
//1.Capacitance//
In this brand spanking new article by yourstruly, mcphearson,
I will attempt to explain Capacitance and how it has/had an effect on
your telephone cable. I will go over what it is, how it affects your
cable, and how we are able to measure the distance to an open fault.
Capacitance is always present on a cable just like resistance. There
is nothing you can do to stop it. So cables are being made to lessen
the negitive effects that it has. Capacitance reduces the level of
the voice signal as it is being broadcasted along the conductor, and
it lessens the high freq of the signal more than the low freqs.
//2.How the hell does a Capacitor work you ask?//
Well it's simple really, a capacitor is a device that stores an
electrical charge. For your tiny little minds to understand this
complicated topic I will break it down into simple terms. Let us compare
it to filling a scuba diver's air bottle before a dive. The air is pumped
into a bottle by an air compressor which supplies air at a certain pressure.
When the air bottle is empty the air flows quickly, but as the bottle fills
up, the air starts a back pressure and slowly the air is reduced until more
air can be pushed into the bottle. The air valve is shut
and the bottle is disconnected from the compressor.
The amount of air in the bottle depends on the pressure of the
supply: the more pressure you have, the more air will be forced into the
bottle. The second factor is the size the bottle. Ok, I know this will
be a litte hard for you guys to understand but I'm going to run it by you
anyways. The bigger the bottle, the more air it will hold... did you understand
that?! Well for your sake I hope you did, if you didn't, you are a fucking reta
rd
and need to be beaten with a large stick. Anyways back to me explaining
how a capcitor works. This is similar to the way in which a capacitor works
because the capacitor has three main parts (see figure 1.1): top and bottom
plates which are conductors with an electrical connection and a middle layer,
an insulator that separetes the plates. When the voltage starts to run one
plate becomes positive and the other negative.
When the voltage across the capacitor equals the voltage across the
battery, the capcitor is charged to its maximum capacity. This takes some
time and the meter in the circuit kicks until the full charge is reached, it
then comes back to the center point. This is quite like the air pressure
supplied to the divers bottle.
[FIGURE 1.1 - Construction of a capacitor]
------------ Top layer Conductor \
============ Middle layer Non conductor | RULE: The more voltage applied the
greater the charge.
------------ Bottom layer Conductor /
[---END OF FIGURE 1.1------------------------------]
[Figure 1.2]
LINKS
/ ----> Meter
POS ___/ \_______________( /)/______ POS
_+_| Voltmeter _|_+_
_ _ Battery ( / ) <---- |___-_|
- |__/ \___________________________| NEG
NEG| \
LINKS
[---END OF FIGURE 1.2------------------------------]
[Figure 1.3]
Meter
POS ___ ______________(|)/_______ POS
_+_| Voltmeter |__+__
_ _ Battery ( / ) |__-__|
- |___ ________________________| NEG
NEG| ==Retains the charge==
[---END OF FIGURE 1.2------------------------------]
[Figure 1.3]
<--- Meter
POS ___ ______________(\)/_______ POS
_+_| | Voltmeter |__+__
_ _ | ( \ ) ----> |__-__|
- |___ |_________________________| NEG
NEG| ==Discharging the capacitor==
|
Battery
[---END OF FIGURE 1.3------------------------------]
If the links are removed(seen in figure 1.2), the capacitor
will keep its negitive charge. If a link is added to connect the
positive and negative plates, the capacitor will discharge until
the voltage on the plates is the same (Figure 1.3). If that is the case,
the meter will kick to the left as the capacitor discharges.
This kick is like the kick seen on an ohmmeter when it is connected to
a telephone pair or when the reverse switch is thrown.
//3.How capacitance was discovered//
In 1746, Professer Museenbrock put some liquid into a leyden jar
and put a cork in it containing a wire. He applied a high voltage
to the wire to see if the change could be retained. Next, he picked up
the leyden jar with one hand and tapped the wire with his other
hand (see figure 1.4). Then he received a great shock and later stated
that it felt like he was being shocked by lightening. After that he
defined the method of storing electricity in a capacitor.
[---------------------------Figure 1.4----------------------------------]
------- ___ wire -------
Scene 1 ('_') / Scene 2
------- \ | _[] ------- Professer Museenbrock knocked o
ut
\|/ \_Jar of leyden /
| ___ \|/
/ \ {x_x}// //
_/ \_ |_//__//
[------------------------END OF FIGURE 1.4------------------------------]
//4.Characteristics of Capacitors//
Now that you have a grasp of what a capacitor is and what it
does, I will go on to explain what the characteristics of a capacitor
are. The first characteristic would be that the size of the charge depends
on the size of the two pates. The bigger the plate the greater the
charge, just as a larger air tank can store more air. The space
between the plates is very important. The closer the plates are, the
more the capacitor can store. The amount the capacitor can store also
depends on the insulator between the plates. If two plates seperated
by air they would have a factor of 1, if it was seperated by paper it
would have a factor of 2.2, or a capacitor with a paper insulator would
store 2.2 times the charge.
Ceramic materials have factors six to seven times more than
air, and titanium oxide increases the capacitance by a factor of 100.
The unit we measure capacitance in is "Farads" but in actuality
this unit is too big. One farad would be as big as bor's mom's ass
(a house) and could kill a herd of elephants! So we use a unit one
millionth this size,the microfarad (uF). If a uF is to big for what
you need you would use a picofarad (pF) which is one thousand times
smaller.
//5.Why do they call a farad a farad//
They named farad after Michael Faraday. Mr. Faraday lived
from 1791 to 1867. He was an English scientist and received little
formal education. He learned a lot of his scienctific knowledge
from reading and attending lectures by Sir Humphry Davy. In
1833, he became a Fullerian professor of chemistry at the Royal
Instition. He turned down knighthood and the presidency of the
royal Society. His experiements came to be some of the most
significant principles and inventions in scientific history.
He came up with the first dynamo (in the form of a copper
disk rotated between the poles of a permanent magnet),
From his discoverys of electromagnetic infuction, he stemmed
a cast development of electrical machinery for industry.
In the year of 1825, Faraday discovered the compound benzene.
And he did research on electrolysis; this led to the Faraday's
law.
The faraday law states "That the number of moles
of substance produced at an electrode during electrolysis is
directly proportional to the number of moles of electrons
transferred at that electrode. The law is named for Michael Faraday,
who formulated it in 1834. The amount of electric charge carried
by one mole of electrons (6.02 x 1023 electrons) is called the
faraday and is equal to 96,500 coulombs. The number of faradays
required to produce one mole of substance at an electrode depends
upon the way in which the substance is oxidized or reduced
(see oxidation and reduction). For example, in the electrolysis of
molten sodium chloride, NaCl, one faraday, or one mole, of electrons
is transferred at the cathode to one mole of sodium ions, Na+, to
form one mole of sodium atoms, Na, while in the electrolysis of
molten magnesium chloride, MgCl2, two faradays of electrons must be
transferred at the cathode to reduce one mole of magnesium ions, Mg+2,
to one mole of magnesium atoms, Mg." (This information was taken from
some website i found on askjeeves.com)
//6.Capacitance on a Telephone pair//
In my illustrations, I have only given you the example that
capacitors are always sandwhich shaped. This is not true, it does
not matter what shape the capacitor is in. As long as there are two
plates separated by some form of insulation, there will be capacitance.
One of the more common shapes of capacitors are the rolled up kind
that you can put into a condenser tube in a car engine.
Telephone conductors act as capacitor plates when a voltage
is being applied, and they charge up in the same way as capacitors.
The capacitor charge is distributed evenly along the length of the
conductor. The larger the plate area the greater the capacitor, so
the larger the conductor gauge, the greater the capacitace on the
pair. But, I have also told you that the greater the distance
between the plates, the lesss capacitance. So large conductors
are made with thicker insulation to keep the capacitance the same.
Oh by the way, capacitance is not affected by tempature this is
not true for resistance though.
//7.Basic rules to follow when dealing with capacitors//
1. The higher the voltage applied, the greater the charge.
2. Be sure to measure in microfarads or picofarads not farads.
3. Tempature doesnt have an effect on capacitance.
4. Tempature does have an effect on resistance.
5. Cable capacitance depends on the length of the cable.
*******
**END**
*******
-========================================================================-
--======================================================================--
5.Telesystems load balancing by magnetic resonance ---=================---
Written By: TrunkLord (trunklord@teamphreak.net) ----=================----
Written For: NPANXX 004 (www.teamphreak.net) ----=====================----
Written On: 03/02/02 and stoped on 03/03/02 -----====================-----
------==============================================================------
-------============================================================-------
Table of Contents
I. Load Balancing I.
II. How to get RID of the MRLBS
III. Formulas
This article written in accordance with the
TeamPhreak rules and regulations. Failure to
notify the author before modifications take
place within the document will automatically
void the integrity of the information listed.
This information is not to be held, or used by
general public. Only BELL and VERIZON authorized
associates should acknowledge this information
to exist. Use of this material may result in
imprisonment or fines up to $25,000.
This information is for educational purposes only
please do not attempt anything in this article.
//I.Load Balancing//
The MR Load Balancing System, which is a PCI card
that fits into slots 23A, 23B, 23C, 23D, and 23Z
of the DMS 500 switching system automatically
integrates or removes part of a trunk group
based on number of participating customers.
As you may know, Voltage creates Magnetic fields.
the MRLBS (MR load balancing system) automatically
reads these fields to ensure equal channel bandwidth
is being distributed to each subscriber. One thing
you have to know about the DMS 500 system, is that
since it is a relatively new system, late 1999, it
is almost 100% computer based, somewhat like the
DMS-250A. However, bell had its best idea yet.
Why not integrate a computerized system with an
electromechanical system so that not only being more
stable, its also secure.
Bad Idea. If the MRLBS, which is shipped with the DMS
500 trunk accessory pack is not installed before
operating, the DMS-500 system can be reduced to a
flashing, buzzing, whirring piece of metal with no
real value. Here's why.
When you initiate a call, you are reversing voltage
in your telephone, this creates a small field within
your trunk, which is connected directly to a PCI card
in the DMS 500. Now, we can measure magnetic fields in
ppmps, which is Particle Potential to Move (per second.)
One subscriber, using a regular band to initiate a call
creates 20PMPS, which is about the strength of a
refrigerator magnet. Imagine 10,000 subscribers initiating
calls. And whats worse, is that its about 40 to 55PMPS
when someone RECEIVES a call!
The MRLBS equally distributes this field, and almost
rythmically converts this magnetivity into electricity
and discards it, back into the dry cell it is connected
to.
//II.How to get RID of the MRLBS//
WARNING: DAMAGING A 14 MILLION DOLLAR PIECE OF EQUIPMENT
CAN BE DANGEROUS TO YOURSELF. BE CAREFUL. DO NOT DO THIS.
You can easily bump the MRLBS offline and cause a fire at
your local CO, since the software does not automatically
detect a failure on this bus breaker.
Simply disconnect your telephone, place the RING wire
around the TIP wire. now connect this to one end of a
STSP (single throw, single pole aka a light switch)
switch, connect the other to the NEGATIVE end of a wall
socket. (left prong). YOU WILL NOT BE ELECTROCUTED.
Flip the switch. You have just injected raw magnetivity,
which is opposite to the recieving end of the MRLBS
and this signals it to go into DISPOSAL mode. In this mode,
it turns off while spare electricity trickles out and is
dispersed. You cannot create nor distroy energy.
//III.Formulas//
Load Balancer Alogrythm:
NU/NP*NB/NC=LPL
LPL*CC/20=RB
RB*IB=TL
TL/60*NU = LOAD TO BALANCE or LTB.
NU = Number of Users
NP = Number of Ports
NB = Number of Balancers
NC = Number of Channels
LPL = Load per Line
CC = Channel Capacity
RB = Receive Balance
IB = Initiative Balance
TL = TOTAL LOAD.
NU = Neutral Users (on hook)
*******
**END**
*******
-========================================================================-
--======================================================================--
6.Breaking into VMBS ---===============================================---
Written By: ic0n (ic0n@phreaker.net) ----=============================----
Submitted For: NPANXX 004 (www.teamphreak.net) ----===================----
Written On: XX/XX/XX ----=============================================----
------==============================================================------
-------============================================================-------
Intro:
Voicemail can be used for many useful things to the phreak. i'm not goi
ng to
get into that. I'm only going to explain how to hack many diffrent types of sy
stems.
i know there is about 10 other systems that i did'nt talk about at all in here
. But
all the infomation in this artical will help you get many voicemail boxes and
just
remember it's all pretty much common sence. With that said let's begin.
Finding a system:
There are so many voicemail systems today it's not even funny. The best way to
find
a system or a direct dial box is to find them by scanning toll free numbers. A
bout
half of the systems will tell you that it's a voicemail system by saying 'welc
ome
to the blank voicemail system' or they will ask for an ext. number. Make sure
you
note everything you find while scanning you may find something really cool and
not
even know about it.
After you finish you scan go back and find out what vms (voicemail systems) yo
u have
found The best way to see if there systems is after you dial up hit * (star) o
r #
(pount) and if they are a vms they may give you a login prompt.
Here's a list on how to login prompt to most of the vms:
Audix: *8
Octel/Aspen: # sometimes * #
Meridian: *81
Message Center: *
Phone Mail: none it just ask for your pass code
Partner Mail: *8
On some direct voicemail boxes: 0
Most Common On Direct Dial boxes: # (pount) or * (star)
Defult Pass codes:
On 2 digit systems
9999,1234
On 3 digit systems
1234,9999,box number,999,123,000,111,222,333,444,555,666,777,888,
On 4 digit systems
1234,9999,box number,box number backwards,0000,1111,2222,3333,4444,5555,6666,7
777,
and 8888
On 7 digit boxes
1234,9999,1234567,9999999,box number, last 4 digits of box number,0000
On 10 digit boxes
1234,9999,9999999999,0123456789,1234567890,box number,0000
Admin Boxes:
Admin boxes are the coolest thing ever since sliced bread. It's pretty much th
e box
that runs the whole system. On some systems you can create and delete boxes an
d login
to a box without even knowing the code. I also was told on some systems that t
here is
no admin box like these systems (Audix and Merdian). Other then them two syste
ms i
have found and hacked or talked to some fellow who hacked a admin box on all t
he other
type of systems. One more thing Never ever change the code on these boxes.
Some Defult Places For Admin Boxes:
1000,9999,9000,1111,1234,5000
Hacking 2 digit Boxes:
Systems that I've seen that used this layout: (Partner Mail)
Now as you might have guessed this system is so easy to hack a box on.
The 1st few boxes I tell you to try will almost get you at lease one
box. 99 if that box does not work try 10 and 00. If for some reason these
boxes where not valid try 20,30,40 and so on and 05,15,25 and so on
with this done you have a good layout on the system. and try the basic
defult pass codes and you should have at lease one box.
Hacking 3 Digit Boxes:
Systems that I've seen that used this layout: (audix,octel,aspen,cheap company
s)
Most Older and cheaper Systems have this type of layout and really is quite ea
sy
to find more boxes than on than any other system. The First few boxes
I try are x00,999,888,777 and so on. Chances are very good to find more
than 5 boxes this way but only 1 or 2 maybe hackable or that are no longer
in use with the user.
Hacking 4 Digit Boxes:
Systems that I've seen that used this layout: (Audix,Octel,Aspen,Meridian,
Message Center,Phone Mail and cheap companys)
This is the Most Popular layout and almost every system has over 30
boxes that have the temp code still in place. Witch making getting the
box very easy. Like in all the other systems i try 9999,1000,x000,1111,
2222,3333 and so on. Also it would be a good idea to scan like 1100,1200,1300
also because some systems try to fool you (Witch Never works).
Hacking 7 digits boxes:
Systems that I've seen that used this layout: (octel,local systems,Message Ce
nter)
Now most of the time you come acrossed a system like this the boxes are someon
e
fone number minus the area code. and or a greety fone company. Here's the firs
t
pick of boxes to try 9999999,9999998,1000000,2000000, and so on. Systems with
boxes
this long most of the time have direct dial feature witch means you have a dir
ect
number to your voicemail box.
Hacking 10 Digit Boxes:
Systems that I've seen that used this layout: (octel,verizon,ameritech,bell ca
nada,bell
south, and many other long distance voicemail systems)
Now your thinking no way or something but getting boxes on here are quite simp
le if
you have the time on your hands. But try the fone number you dialed to get the
system
this box should be valid and the admin box. If not it will be the outgoing gr
eeting box
witch is also cool to be able to do.
Other k d45h r4d voicemail hacking tricks and stuff:
Audix when you dial up a audix vms and hit star (star) 8 it tell you how many
digits
the boxes are. Also Ive noticed that no box ever starts with a 1
Octel When scanning for boxes this trick will help you. This works on all layo
uts also
but you enter all the digits but the last one and wait if a error message star
ts playing
you know there's no boxes in that 10 number range.
Messgae Center- The 1st time the box has been log in to a box there is no pass
word.
Some VoiceMail Systems Dial in Numbers:
1-800-317-6245 Message Center
1-800-232-3472 Audix type 1
1-800-222-6245 Audix type 2
1-800-574-6245 Meridian
1-877-447-6245 Fone Mail
1-800-954-6245 Octel 6 Digit boxes
Company's VoiceMail Systems
1-800-408-6245 3 digit boxes
1-800-366-76245
1-800-631-3400 box 998 code 998
_ ____
(_)____/ __ \____
/ / ___/ / / / __ \
/ / /__/ /_/ / / / /
/_/\___/\____/_/ /_/
-========================================================================-
--======================================================================--
7.WOE-DATA FLOW DIAGRAM ---============================================---
Contributed By: Phractal (phractal@teamphreak.net) ----===============----
Contributed For: NPANXX 004 (www.teamphreak.net) ----=================----
Trashed On: xx/xx/xx -----===========================================-----
------==============================================================------
-------============================================================-------
________________
| Net Provider/ | | Network
/---->| Open Server |------->| Alpha1-
NCC
| |_______________|
| /|\ ---------------------------
---------\
\--\ | / ____________
|
_____________ ___________ | | / | Converstion|
|
|Oracle Order| | | | /-----\ | scripts for|---\
|
/----->| Entry |---->|Oracle Fin|<---->| CAM |--->| r1 accounts| | I
nvoices |
| | Cingular | |__________| | \-----/ ____ |
/|\ |
| | Wireless | /|\ | ____________ | BP| |
| |
| | BSWD BSC | \------|--\-->| Hardware \--->| | |
| |
| |____________| /---------------\ | | | only \ | d | |
| |
| |TIBCO Processes|--/ | | converstion \ | a | |
| |
| \---------------/ | | scripts | | t |<-/ |A
rbor BP |
| /|\ | \_____________/ | a |----->|b
illing |
| ______|______ | | b | |P
rocess |
| | OM database |----/ ______________ | a |
/|\ |
| |_____________|----->|Arbor updater |-->| s |
| |
| /|\ \ \--------------/ | e | |
IPS | |
| | \ |___| |U
sage| |
| | \ __________ | |
Logs| |
| /--------------------\ \---->| TIBCO |--------|----\
/|\ |
| ___ | Monet | | Adaptor | | |
| |
| |s | | (WOE Database) | | |
| |
| |i | | Fidelity Generic |<---------------------------/ | __
_|____ |
| |l | | WOE Enterprise AOL | \-->|
IPS | |
| |v |-------->| Cingular Wireless |-----\ |G
ateway| |
| |e | | BSWD BSC | |
/|\ |
| |r | \--------------------/ |
| |
| | | | | I
PS | |
| |s | ____________ | | M
anager|<-/
| |t |<-------| AOL File | |
| |r | _____|_____________________
| |e | _______________ | Millennium Reports (SSO) |
| |a |<-------|WOE interface | |__________________________|
| |m | | fidelity |
| | | |Cingular |
| |s | | Wireless |
| |e | |Generic WOE |
| |r | |WOE enterprise|
| |v | |BSC BSWD |
| |e | \--------------/
| |r | /|\
| |__| |
| |
\-----------------------/
*******
**END**
*******
__________
/ ________/
/ / _____ _____ _ __ _ _______
/ /________ / __ \ / __ \ / / / | / / /__ __/
\_______ / / /__/ / / /__/ / / / / | | / / / /
/ / / ____ / / 0wned! / / / /| |/ / / / ==================
=====================================
________/ / / / / / | | / / / / | / / / / ===========T=H=E==
=====================================
/_________/ /_/ /_/ |_| /_/ /_/ |__/ /_/ =================E
=V=I=L===============================
<==$Phractal$==> ==================
=======E=M=P=I=R=E===================
Teamphreak toll free information hotline/msg center is now OPEN. The number is:
1-866-248-7671 ext: 3974
====_==_============_===================== Special Thanks to our good friends
at .............
| | | \ | | / /======================
| | | \ | |_/ |====================== *** *** ********** *********
* *********** *********** ***
|__ | | \| | \ _/====================== **** *** ********** *********
* *********** *********** ***
========================================== ***** *** *** *** *** **
* *** *** ***
****** *** *** *** *** **
* *** *** ***
http://9x.tc *** *** *** *** *** *********
*** *********** ***
http://f41th.com *** *** *** *** *** ********
*** *********** ***
http://phonelosers.org/.net *** ****** *** *** *** ***
*** *** ***
http://blacksun.box.sk *** **** ********** *** **
* *** *********** ***********
http://verizonfears.com *** *** ********** *** *
** *** *********** ***********
http://undergroundnewsnetwork.com
http://ghettosoldier.com
http://ppchq.org
Proud Supporters of the .....
_ _ _ _ ____ _____ ____ ____ ____ ___ _ _ _ _ ____ _ _
_____ _ _ _____
| | | | \ | | _ \| ____| _ \ / ___| _ \ / _ \| | | | \ | | _ \ | \ | |
____\ \ / /|___ |
| | | | \| | | | | _| | |_) | | _| |_) | | | | | | | \| | | | | | \| |
_| \ \ _ / / / /
| |_| | |\ | |_| | |___| _ <| |_| | _ <| |_| | |_| | |\ | |_| | | |\ |
|___ \ \| |/ / / <_
\___/|_| \_|____/|_____|_| \_\\____|_| \_\\___/ \___/|_| \_|____/ |_| \_|
_____| \_____/ /____|
_ _ ____ _ _ _ ___ ____
| \ | | ___|__| |__\ \ / // _ \ | _ \ | | / / http://UnderG
roundNewsNetwork.com
| \| | _||__ __|\ \ _ / /| | | || |_) | / /
; http://UnderG
roundNewsNetwork.com
| |\ | |__ | | \ \| |/ / | |_| || _ < | |\ \ http://UnderG
roundNewsNetwork.com
|_| \_|____| |_| \_____/ \___/ |_| \_\| | \ \ http://Underg
roundNewsNetwork.com
